dre1080 / warden

More than just a user database auth package for FuelPHP
http://dre1080.github.com/warden
MIT License

Trackable not tracking login data #30

Closed PrimozRome closed 11 years ago

PrimozRome commented 11 years ago

I set up Warden but it does not log:

even though 'trackable' is set to true in Warden config.

dre1080 commented 11 years ago

Does it throw or log an exception silently anywhere? See https://github.com/dre1080/warden/blob/master/classes/warden/driver.php#L308-L340 and https://github.com/dre1080/warden/blob/master/classes/warden/model/user.php#L310-L347

PrimozRome commented 11 years ago

Hmm, I haven't noticed any exception anywhere regarding this... I will try to debug and see why this isn't logged.

dre1080 commented 11 years ago

Any more info on this?

PrimozRome commented 11 years ago

OK, I did some debugging. It's this part of the code in https://github.com/dre1080/warden/blob/master/classes/warden/model/user.php#L310-L347 that sets sign_in_count to 0 at every login. Don't know why that logic is meant to be this way? Maybe you can explain?

```php
if (\Config::get('warden.lockable.in_use') === true &&
    \Config::get('warden.lockable.lock_strategy') == 'sign_in_count')
{
  $this->sign_in_count = 0;   // due to my config settings it always falls into this condition
} else {
  $this->sign_in_count += 1;
}
```

My config is:

```php
...
'trackable' => true,
'lockable' => array(
    'in_use' => true,
    'maximum_attempts' => 10,
    'lock_strategy' => 'sign_in_count',
    'unlock_strategy' => 'both',
    'unlock_in' => '+1 week',
    'url' => 'unlock',
),
...
```

dre1080 commented 11 years ago

This is expected when using sign_in_count as the lock_strategy. Note that that piece of code only runs after a successful login. It has to be reset or else the user will eventually pass the maximum attempts and lock their account even after successful logins.

You can add a new column, e.g. failed_attempts, and use that as the lock_strategy to prevent this from happening.
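
The separation suggested in the last comment, as an added example that is not Warden's own code: a successful-login counter for tracking and a separate failed_attempts counter for locking, so resetting one never erases the other. The class `AccountCounters` and its methods are hypothetical, PHP 8 is assumed, and locking at `>= maximum_attempts` and rejecting logins on a locked account are assumptions about the desired policy.

```php
<?php
// Added illustration, not Warden's code. AccountCounters and its methods are
// hypothetical; sign_in_count, failed_attempts and maximum_attempts are the
// names used in the thread.
final class AccountCounters
{
    public int $sign_in_count = 0;    // trackable: total successful sign-ins
    public int $failed_attempts = 0;  // lockable: failures since last success
    public bool $locked = false;

    public function __construct(private int $maximumAttempts) {}

    public function recordFailure(): void
    {
        if ($this->locked) {
            return;                   // already locked, nothing more to count
        }
        $this->failed_attempts += 1;
        // Assumption: the account locks once the limit is reached.
        if ($this->failed_attempts >= $this->maximumAttempts) {
            $this->locked = true;
        }
    }

    public function recordSuccess(): bool
    {
        if ($this->locked) {
            return false;             // a correct password must not bypass the lock
        }
        $this->failed_attempts = 0;   // only the lock counter is reset
        $this->sign_in_count += 1;    // tracking data keeps accumulating
        return true;
    }
}

// Constructed sequence: two failures, two successes, then failures up to the limit.
$acct = new AccountCounters(maximumAttempts: 3);
$acct->recordFailure();
$acct->recordFailure();
$acct->recordSuccess();
$acct->recordSuccess();
for ($i = 0; $i < 3; $i++) {
    $acct->recordFailure();
}
var_dump($acct->sign_in_count, $acct->failed_attempts, $acct->locked);
var_dump($acct->recordSuccess());     // login attempt against the locked account
```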